Back to Top

Critical Infrastructure at Risk from Wireless Hack Attacks

London, UK – 23 April, 2013 – Digital Assurance, the independent security assessment and information assurance consultancy, today warned that critical infrastructure control systems are at risk from wireless attacks carried out over Software Defined Radio (SDR). Critical network control systems such as SCADA (Supervisory Control And Data Acquisition), Building Management Systems (BMS) and PLCs (Programmable Logic Controllers) all use a proprietary wireless technology which could potentially be hacked using SDR equipment and a PC. The specialist data communicated by these systems could be intercepted, captured and replayed to suspend service and cause widespread disruption. These systems will also be at greater risk in the future as smart meters are brought online, increasing the attack surface of the network. The lowering price point, advances in processing power and difficulties in detecting SDR attacks are also likely to increase its appeal.

SCADA industrial control systems are used to monitor and regulate utility services across multiple sites and distances and have been afforded some protection by the relative obscurity of the network in the past. However, with up to 53 million smart meters across 30 million homes and businesses being added between 2014-2019, the number of potential access points on to the network is set to increase dramatically. The data relayed between these end devices can be intercepted, captured, jammed or replayed using SDR equipment, providing the hacker with network-wide access to field devices, control stations, generating stations and transmission facilities.

The lowering price point and ease of use of SDR equipment make it the ideal tool with which to capture, intercept and manipulate widely used wireless standards. It has overcome many of the obstacles associated with wireless hacking, such as frequency hopping or advanced modulation techniques, and eradicates the need for expensive equipment or an in-depth knowledge of wireless standards on the part of the hacker.

SDR works by capturing radio frequency signals using a high-speed ADC (Analogue to Digital Converter) enabling the direct digitisation of the radio frequency signal which can then be analysed by a DSP (Digital Signal Processor) before being converted into output data stream. The user can analyse slices of spectrum at their leisure, looking for carriers and modulated signals and go on to isolate the preamble and the payload, or message headers if searching for data streams, for instance. There are a variety of SDRs on the market but the USRP (Universal Software Radio Peripheral) is the tool of choice as it allows both reception and transmission which, when coupled with open source software such as GNU Radio, allows the creation of advanced radio systems. This uses a USB 2.0 interface, an FPGA and high-speed ADCs and DACs, to generate a sampling and synthesis bandwidth a thousand times that of a PC sound card, extending the reach of the equipment and enabling wideband operation.

“Wireless assaults on critical infrastructure will grow exponentially over the next few years, in line with the rollout of smart grid networks, and SDR provides the hacker with an opportunity to jump onto parts of this network. To date, critical systems have relied upon their relative obscurity to protect them but that will have to change. The only way of protecting a wireless device from an SDR attack at present is to ensure that it has been designed, configured and deployed to resist over-the-air attacks. Very few vendors of such equipment will give this type of assurance so independent testing is currently the only option until the industry applies itself to developing a solution. Understanding exactly what radio systems have been deployed and ensuring adequate risk assessments have been conducted is an essential first step,” says Greg Jones, Director, Digital Assurance.

Greg Jones is delivering a presentation at Infosecurity 2013 on how these systems can be exploited, controlled and manipulated enabling the hacker to access everything from the gas and electricity supplies in our homes to the images fed to the police and the power supplies and SCADA of our national infrastructure. Members of the press are cordially invited to attend:

Date/Time: Wednesday 24 April, 10.00-10.25
Venue: Infosecurity Technical Theatre, Infosecurity, Earl’s Court, London
Session: SCADA, smart meters and enterprise control systems: The next threat
Digital Assurance is exhibiting at stand L60 at Infosecurity Europe 2013, the No. 1 industry event in Europe held on 23rd – 25th April 2013

About Digital Assurance
Digital Assurance is an independent vendor-neutral security consultancy founded in 2006 by experienced security professionals to bring comprehensive, effective and flexible information security services to market. We develop and deliver a range of security testing, information assurance, and security training products and services to reduce the cost and complexity of mandatory and regulatory compliance for clients ranging from large bluechip multinationals through to government agencies. Our consultants are security cleared and CREST or CHECK accredited, equipping them to tackle the most technically challenging and demanding of security projects. Plus we take an active role in the security community, conducting research on emerging technologies, exposing vulnerabilities and developing the security tools necessary to combat these threats. To find out more, please go to www.digitalassurance.com or follow us on Twitter @da_security.